mend

The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps GitHub Secrets

Apr 23, 2026 By Tom Abai In Mend
Part 1 covered CanisterWorm, the self-spreading npm worm. Part 2 covered the malicious LiteLLM package. Part 3 covered the telnyx WAV steganography attack. Part 4 covered the xinference AI inference attack. This post covers: a compromised @bitwarden/cli package that combines a self-propagating npm worm, a GitHub Actions secrets dumper, and a novel AI assistant poisoning technique.
Read Post

Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source

Apr 23, 2026 By Corelight In Corelight
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
View Video
Torq

From 24/7 On-Call to Holidays Off: AI SOC Automation Results from Three Security Teams

Apr 23, 2026 By John White In Torq
See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo John White is the Field CISO for EMEA at Torq. A respected security executive with more than 20 years of leadership experience, John previously served as CISO at Virgin Atlantic, where he led a multi-year transformation deploying the Torq AI SOC Platform to modernize cyber operations.
Read Post
egnyte

The AI Ecosystem Problem: Why Enterprise AI Still Feels Fragmented

Apr 23, 2026 By Sanjay Kosuri In Egnyte
Artificial intelligence is everywhere at work. Yet for many teams, it still doesn’t feel very intelligent. The problem isn’t a lack of AI tools. It’s the opposite. AI has exploded across the enterprise, spreading into dozens of apps, assistants, and models. Each tool promises to help, but together they create fragmentation. Employees end up asking the same question in multiple places, switching between systems, and piecing together answers manually.
Read Post
inetco

How to stop fraud and cyberattacks from becoming liquidity ordeals

Apr 23, 2026 By Joe Kitos In INETCO
When it comes to real-time payments, fraud moves fast — but liquidity stress can move even faster. A fraud or cyberattack can quickly become a liquidity event when it disrupts settlement funds, triggers abnormal transaction flows or forces payment services offline. That is why banks, payment processors and instant payment networks need real-time visibility into transaction activity, settlement exposure and emerging operational risk.
Read Post
vanta

When tokenmaxxing leads to riskmaxxing

Apr 23, 2026 By Vanta In Vanta
Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.
Read Post

Ask SME Anything: What is Data Lineage?

Apr 23, 2026 By Netskope In Netskope
Ever wonder about the "life story" of your data? When a data security alert triggers, investigating shouldn't mean guessing where your data came from or what happened to it along the way. In this episode of Ask SME Anything, Netskope expert Ankur Chadda breaks down the fundamentals of data lineage—the digital breadcrumb trail that tracks your data's journey from origin to its final destination.
View Video
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.